According to Motherboard, Apple has come up with a way to protect iOS against zero-click exploits, attacks that let a hacker take control of an iPhone without any interaction from the victim. The change was quietly added to the iOS 14.5 beta, giving iPhone users another reason to look forward to the final version of the update. Other features coming in the next iOS build include one that lets a user wearing a face mask have the phone unlock automatically when wearing an unlocked Apple Watch. The update also adds new emoji and the App Tracking Transparency feature, which blocks a third-party app from tracking the user unless the user explicitly opts in.
Apple makes zero-click exploits harder for hackers to employ in the upcoming iOS 14.5 update coming this spring
According to a source who develops exploits for government customers, the changes made by Apple "...will definitely make 0-clicks harder. Sandbox escapes too. Significantly harder." Because a zero-click attack needs no action from the phone's owner, it is harder for the target to detect and more sophisticated to build. The hardening concerns isa pointers: every Objective-C object begins with an isa pointer that identifies the object's class and so tells the runtime which code to run on it. According to Apple's Platform Security Guide, Apple now signs these pointers cryptographically with Pointer Authentication Codes (PAC), so a pointer that has been tampered with fails authentication before it is used. PAC itself is not new; it has protected return addresses and code pointers on iPhones since the A12 chip. What is new is extending it to isa pointers, which takes away a favourite technique of attackers who corrupt an object's class pointer to redirect execution to their own code. Adam Donenfeld of security firm Zimperium noticed the change earlier this month when he reverse engineered the iOS 14.5 beta.
Apple told Motherboard that the change will help protect the iPhone from zero-click attacks, and Donenfeld said in an online chat that "Nowadays, since the pointer is signed, it is harder to corrupt these pointers to manipulate objects in the system. These objects were used mostly in sandbox escapes and 0clicks." Now the bad actors are the ones upset. An iOS security researcher, who requested anonymity because he is not authorized to speak to the media, said that many hackers are upset "because some techniques are now irretrievably lost."
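To make the "fake class" technique and the mitigation concrete, here is an added illustration written for this page; it is not Apple's code and not taken from Motherboard or Zimperium. Real pointer authentication uses the arm64e PAC/AUT instructions with a per-boot hardware key, which cannot run on a laptop, so the program below substitutes a toy 16-bit tag (assumed, not cryptographically secure) placed in the unused upper bits of a 64-bit pointer. It keeps the two properties the article is about: an isa pointer written raw by a memory-corruption bug carries no valid signature, and a validly signed isa copied from another object fails because each pointer is signed against the address it is stored at.

```c
/* Added example, not Apple's implementation. Toy model of a PAC-signed isa
 * pointer: tag in bits 48..63, diversified by the pointer's storage address.
 * PAC_KEY and toy_pac() are stand-ins for the hardware key and QARMA cipher. */
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>

#define PAC_SHIFT 48ULL
#define PAC_MASK  (0xFFFFULL << PAC_SHIFT)   /* user pointers leave these bits 0 */

static const uint64_t PAC_KEY = 0x9E3779B97F4A7C15ULL;  /* assumed per-boot secret */

/* Toy tag over (pointer, modifier). Bit 15 is forced on so a raw, never-signed
 * pointer (tag field all zero) can never authenticate in this demo; real PAC
 * has no such rule, a forged tag is simply a 1-in-2^n guess. */
static uint16_t toy_pac(uint64_t raw_ptr, uint64_t modifier)
{
    uint64_t x = raw_ptr * PAC_KEY;
    x ^= x >> 29;
    x *= 0xBF58476D1CE4E5B9ULL;
    x ^= x >> 32;
    return (uint16_t)((x ^ modifier) | 0x8000);
}

/* Like PACDA: strip any old tag, compute a fresh one, store it in the high bits. */
static uint64_t pac_sign(uint64_t raw_ptr, uint64_t modifier)
{
    raw_ptr &= ~PAC_MASK;
    return raw_ptr | ((uint64_t)toy_pac(raw_ptr, modifier) << PAC_SHIFT);
}

/* Like AUTDA: recompute and compare. Returns false on mismatch (hardware
 * instead yields a poisoned pointer that faults when dereferenced). */
static bool pac_auth(uint64_t signed_ptr, uint64_t modifier, uint64_t *raw_out)
{
    uint64_t raw = signed_ptr & ~PAC_MASK;
    uint64_t expect = (uint64_t)toy_pac(raw, modifier) << PAC_SHIFT;
    if ((signed_ptr & PAC_MASK) != expect)
        return false;
    *raw_out = raw;
    return true;
}

/* Minimal stand-ins for an Objective-C class and object. */
typedef struct Class  { const char *name; const char *(*describe)(void); } Class;
typedef struct Object { uint64_t isa; int payload; } Object;

static const char *real_describe(void) { return "real class"; }
static const char *evil_describe(void) { return "attacker-chosen code"; }
static Class RealClass = { "Real", real_describe };
static Class EvilClass = { "Evil", evil_describe };  /* the fake class an exploit plants */

/* The isa is signed with its own storage address as the modifier. */
static void object_init(Object *o, Class *cls)
{
    o->isa = pac_sign((uint64_t)(uintptr_t)cls, (uint64_t)(uintptr_t)&o->isa);
    o->payload = 0;
}

/* Dispatch as a PAC-aware runtime would: authenticate isa before following it.
 * Returns the method's result, or NULL when authentication fails. */
static const char *dispatch_describe(Object *o)
{
    uint64_t cls;
    if (!pac_auth(o->isa, (uint64_t)(uintptr_t)&o->isa, &cls))
        return NULL;
    return ((Class *)(uintptr_t)cls)->describe();
}

/* 1: untouched object authenticates and runs RealClass code. */
int scenario_legit(void)
{
    Object o; object_init(&o, &RealClass);
    return dispatch_describe(&o) != NULL;
}

/* 2: a corruption bug overwrites isa with a raw pointer to EvilClass. Without
 * signing this would run evil_describe; here the untagged pointer is rejected. */
int scenario_raw_overwrite(void)
{
    Object o; object_init(&o, &RealClass);
    o.isa = (uint64_t)(uintptr_t)&EvilClass;  /* attacker's write */
    return dispatch_describe(&o) != NULL;
}

/* 3: the attacker copies a validly signed isa (objs[1] really is an EvilClass
 * object) into the victim objs[0]. The modifier differs, so the tag is wrong. */
int scenario_replay(void)
{
    Object objs[2];
    object_init(&objs[0], &RealClass);
    object_init(&objs[1], &EvilClass);
    objs[0].isa = objs[1].isa;  /* attacker's copy */
    return dispatch_describe(&objs[0]) != NULL;
}

int main(void)
{
    printf("legit dispatch ok:                %d\n", scenario_legit());
    printf("raw overwrite authenticates:      %d\n", scenario_raw_overwrite());
    printf("replayed signature authenticates: %d\n", scenario_replay());
    return 0;
}
```

The third scenario is why the storage address goes into the signature: without a modifier, any signed isa found anywhere in memory could be pasted over a victim object's isa. Note what the model does not cover: an attacker who can call the signing instruction with a chosen pointer (a "signing gadget") still wins, which is why Bishop and Donenfeld describe the change below as raising cost rather than ending zero-clicks.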
Just last December, a zero-click exploit against AirDrop was disclosed. AirDrop lets iOS users send and receive files with nearby iOS devices; the bug sat in AWDL, the Wi-Fi protocol that AirDrop uses, so the exploit only required the attacker to be within Wi-Fi radio range of the target device. It was found by Ian Beer of Google's Project Zero, and Apple patched the vulnerability in iOS 13.5. It took Beer, working alone, six months to build a working exploit; a better-resourced attacker could likely have done it faster. There is also no evidence that anyone exploited the vulnerability in the wild. Zero-click exploits are scary because they do not rely on the target doing anything to trigger the attack, and most of the time the victim has no idea the phone has been compromised until it starts doing strange things.
Zimperium's Donenfeld points out that hackers will be looking for new techniques to replace the ones that have been lost, and that while zero-clicks are now harder to pull off, they are not impossible. "This mitigation in reality probably just raises the cost of 0clicks, but a determined attacker with a lot of resources would still be able to pull it off," noted Jamie Bishop, one of the developers of the popular Checkra1n jailbreak. Still, because it makes zero-click attacks harder to pull off, iPhone users should install iOS 14.5 as soon as the final public version becomes available this spring.